NationStates Jolt Archive

Linky (http://tech.yahoo.com/blogs/null/136610)
UK launches massive, one-year program to archive every email

Mon Apr 6, 2009 4:51PM EDT

In a move that even the most nonchalant of privacy advocates is crying foul over, the UK has put into effect a European Union directive which mandates the archival of information regarding virtually all internet traffic for the next 12 months. The program formally goes into effect today.

The data retention rules require the archival of all email traffic (the identities of the sender and receiver, but not the contents of the messages), records of VOIP telephone calls (traditional phone calls are already monitored), and information about every website visited by any computer user in the country. The rules are being pushed down "across the board to even the smallest company," as every ISP large or small will be required to collect and store the data. That data will then be accessible -- to fight "crime and terrorism," of course -- by "hundreds of public bodies" to investigate whatever crimes they see fit.

Technically the new directive applies to all countries of the EU, but individual nations appear to be complying with the rules to various degrees. Privacy-obsessed Sweden is reportedly ignoring the rule completely, for example.

The privacy implications of the rule are enormous, as everything UK citizens do online will now be under the watchful eye of EU's powerful Home Office. One privacy advocate, whose anger is clearly barely being held back, called it "the kind of technology that the Stasi would have dreamed of." Naturally, the government counters that this kind of information has already proven invaluable in tracking down criminals, including the killer of an 11-year-old boy a couple of years ago.

Privacy concerns aside, another issue becomes one of how exactly to manage all this data. A report dating back to 2004 estimated that a single, large ISP in the UK would need up to 40 million gigabytes of storage capacity to store the traffic data from a year of user activity. Even in 2009, that kind of storage doesn't come cheap, nor does the challenge of managing it all come easy.

I don't know if someone's already made a thread of this. NSGers seem to catch onto these things pretty quick, but whatever.

So, what do you guys think of this? I'm especially interested in hearing from our UK friends.

Thats going to be a boatload of spam to filter through...

Also its a blog, I don't place much faith in blogs...

I looked for "UK launches massive" in Google and found nothing. Got more than one linky for the story?

Finally, a use for Spam! SPAM SERVERS, UNITE!

Everone send more spam to break this before it gets started. I want Email volumes to quintuple.

I looked for "UK launches massive" in Google and found nothing. Got more than one linky for the story?

If you really typed that in google, you'd have found something. Maybe not this little article, but you would have found something. Rule #34.:tongue:

Rule #34.:tongue:

:eek: I can has brain bleach?

Also its a blog, I don't place much faith in blogs...

yeah, because its not like blogs ever link to sources or anything. and even if they did, we can't critically analyze things. we must take everything on faith, and blogs are not faith-worthy.

The link to the source (http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/5105519/Internet-records-to-be-stored-for-a-year.html) was hidden cleverly in the first paragraph.

If you really typed that in google, you'd have found something. Maybe not this little article, but you would have found something. Rule #34.:tongue:

Well, nothing except Chris Null's posting of this story, and several people who picked it up from him. On his blog site he has "Paranoia. Hypochondria. Delusions of Grandeur." There could be something in that.

UK email retention law comes into force (http://www.vnunet.com/vnunet/news/2239933/email-retention-law-comes-force)

Another link for you guys.

I don't care. I don't support it, but I don't care either, it doesn't bother me.

The link to the source (http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/5105519/Internet-records-to-be-stored-for-a-year.html) was hidden cleverly in the first paragraph.

sneaky bloggy bastards, always trying to pull a fast one on us

I don't care. I don't support it, but I don't care either, it doesn't bother me.

When they tapped the phones
I remained silent;
I did not use land lines.

Then they came for the email,
I remained silent;
I did not use email.

Then they set up cameras in the public square
I did not speak out;
I did not care about cameras.

When they came for me,
there was no were left to run.

Then they came for the email,
I remained silent;
I did not use email.


Correction, I do use email. It still does not bother me.

Correction, I do use email. It still does not bother me.

Not this 'If you're innocent, you have nothing to worry about' shit again...

Not this 'If you're innocent, you have nothing to worry about' shit again...

Please show where I said anything resembling that. I just said it doesn't bother me. Why don't you show me why I should be bothered (without vague platitudes and references to Orwell), give me a concrete reason why I should care.

The EU has just lost my respect.

Actually, the only thing that bothers me is the cost.

The EU has just lost my respect.

Why? It's a Directive, so Member States don't have to follow it, like Sweden, who decided to ignore it.
Secondly, it's not exactly invasive.

http://news.bbc.co.uk/2/hi/technology/7985339.stm

The data stored does not include the content of e-mails or a recording of a net phone call, but is used to determine connections between individuals.
Authorities can get access to the stored records with a warrant.

Be more pissed off at individual governments and their lapses in data protection (UK, I'm looking at you!) rather than the EU.

Oh joy.

Please show where I said anything resembling that. I just said it doesn't bother me. Why don't you show me why I should be bothered (without vague platitudes and references to Orwell), give me a concrete reason why I should care.

Invasion of privicy. Imagine if you where emailing your extra matrial love interest. All of that data is to be held, some body unconected with you has the ability to find out all the juicy details of your afair.

Invasion of privicy. Imagine if you where emailing your extra matrial love interest. All of that data is to be held, some body unconected with you has the ability to find out all the juicy details of your afair.

The content of the emails is not stored (or that is what the law says), so they'd only know that you email that person a lot.


I'd like the know the procedure for obtaining these 'warrants'.

The content of the emails is not stored (or that is what the law says), so they'd only know that you email that person a lot.


I'd like the know the procedure for obtaining these 'warrants'.

Ahhh yes that is true, I forgot that bit.

I'd like the know the procedure for obtaining these 'warrants'.

I imagine much like every other warrant. Authorities need probable cause, judge says yes, or judge says no.

guys this is true, at least close toit i didnt read all the 1st guy posted.

http://news.bbc.co.uk/1/hi/technology/7985664.stm

So if they aren't storing the information contained in the email, what's the sense of storing the two contacts in the first place?

Somebody is lying...

I imagine much like every other warrant. Authorities need probable cause, judge says yes, or judge says no.

Ah, but not when it's related to 'terrorist' activities.

So if they aren't storing the information contained in the email, what's the sense of storing the two contacts in the first place?

Somebody is lying...

To show that someone was, in fact, in contact with terrorist sources perhaps.

To trace further potential suspects from the account of one criminal.

So if they aren't storing the information contained in the email, what's the sense of storing the two contacts in the first place?

Somebody is lying...

'Conspiracy', 'aiding', 'abetting', 'financing', funding' are crimes too.

Ah, but not when it's related to 'terrorist' activities.

The EU passed it by "saying it was a commercial matter and not a police matter", he explained.
In other words, it wasn't passed through the Third Pillar of the EU (dealing with Justice and Home Affairs - things like terrorism, policing), but rather the First Pillar - which is criminal based. (Commerce based, Common Market etc etc.) So a special warrant wouldn't be needed.

Now linking organised crime and money laundering to terrorism is a tiny step, and you could argue that they were deceptive in bringing in criminal legislation by the back door - but then again, this is a Council Directive, not a Framework Decision (from what I can see) meaning a Member State is not obliged to carry it out. Each MS can choose to - like Sweden, who didn't.

To show that someone was, in fact, in contact with terrorist sources perhaps.

To trace further potential suspects from the account of one criminal.

Ok they were in contact, but how do you know what they're speaking about without holding the records of what was being discussed?

Guilt by association is allowable now?

'Conspiracy', 'aiding', 'abetting', 'financing', funding' are crimes too.


Again, how would you know that is what is really taking place without having a record of what was said in the emails?

Ok they were in contact, but how do you know what they're speaking about without holding the records of what was being discussed?

Guilt by association is allowable now?

No it's not and nowhere did I say that it should be the only evidence required to arrest someone

Again, how would you know that is what is really taking place without having a record of what was said in the emails?

Well, if you're in regular contact with a person/organisation who is listed on a terrorist watch list (which each State intelligence service has, as well as the published EU list, and UN list), that's pretty good reason for police to be keeping an eye on you, and would give probable cause for further investigation (such as surveillance, phone taps, etc).

No one is 'lying'. This isn't the US government. Data protection in the EU is left with each individual Member State.

Why? It's a Directive, so Member States don't have to follow it, like Sweden, who decided to ignore it.

The fact that they decided upon it, lowered my opinion of them as a great and progressive organization, to invasive jerks.

Secondly, it's not exactly invasive.

http://news.bbc.co.uk/2/hi/technology/7985339.stm


Uh, yes it is. To determine "connections" is invasive. And if you think those will really be only accessed by policemen with warrants, I have received my dose of laughter for the day.


Be more pissed off at individual governments and their lapses in data protection (UK, I'm looking at you!) rather than the EU.

The UK is worse than the EU, but EU still passed this.

No it's not and nowhere did I say that it should be the only evidence required to arrest someone

I'm not accusing you, I'm just saying that's what it seems like. Think about it, if it just shows that you're in contact with a terrorist, without seeing the actual messages being said, you've already got one big strike against you just by being in contact with this person. In reality he's your old high school friend turned terrorist.

My point is I don't think the government would let that happen, so I think they're keeping track of the messages as well. It just doesn't make sense not to. Or else they'll start storing those later within the next year just to keep the public a bit more calm about invasion of privacy...

Uh, yes it is. To determine "connections" is invasive.
Determining connections between criminals and criminal activities is invasive?

And if you think those will really be only accessed by policemen with warrants, I have received my dose of laughter for the day.
Then blame your own government for it's actions, not the Council because frankly, they're not going to be the ones doing anything.

The UK is worse than the EU, but EU still passed this.
Passed something that you don't have to pay attention to....
Ok...?

Determining connections between criminals and criminal activities is invasive?

"Connections" between criminals and those whom they know.


Then blame your own government for it's actions, not the Council because frankly, they're not going to be the ones doing anything.

They are recommending this.


Passed something that you don't have to pay attention to....
Ok...?

A government that intrudes in the lives of its citizens takes baby steps, like the UK does.

I have a feeling that the vast, vast majority of this archive will contain spam for penis enhancement drugs.

And the whole system will come online about ten yers later than originally scheduled, at about twenty times the original budget, if they ever get it to work at all...

And the whole system will come online about ten yers later than originally scheduled, at about twenty times the original budget, if they ever get it to work at all...

You forgot the inevitable cock-up in which they realise they've left half the archive unencrypted on a department laptop on the train.

Can't wait for someone to hack in and discover who the politicians communicate with by e-mail.

Well, those few who know how to use a computer.

When they tapped the phones
I remained silent;
I did not use land lines.

Then they came for the email,
I remained silent;
I did not use email.

Then they set up cameras in the public square
I did not speak out;
I did not care about cameras.

When they came for me,
there was no were left to run.

The cameras have been in the public square for a decade.

Why? It's a Directive, so Member States don't have to follow it, like Sweden, who decided to ignore it.
Secondly, it's not exactly invasive.
Um... Member States do have to follow Directives. They are required to implement them into national legislation within a set time frame. If they don't, the European Commission may initiate legal action against the member state in the European Court of Justice. So it's not just something a member state can ignore.

Article 189 (3)
Directives shall bind any Member State to which they are addressed, as to the result to be achieved, while leaving to domestic agencies a competence as to form and means.
Rome treaty (http://en.wikisource.org/wiki/The_Treaty_establishing_the_European_Economic_Community_(EEC))

If the Court convict a Member State for failing to implement a Directive, and the Member State still don't implement it, the Court may order a financial penalty to be placed on the Member State. And it isn't unheard of. (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:62006J0070:EN:HTML)


In other words, it wasn't passed through the Third Pillar of the EU (dealing with Justice and Home Affairs - things like terrorism, policing), but rather the First Pillar - which is criminal based. (Commerce based, Common Market etc etc.) So a special warrant wouldn't be needed.

Now linking organised crime and money laundering to terrorism is a tiny step, and you could argue that they were deceptive in bringing in criminal legislation by the back door - but then again, this is a Council Directive, not a Framework Decision (from what I can see) meaning a Member State is not obliged to carry it out. Each MS can choose to - like Sweden, who didn't.

Actually, a member state is obliged to carry it out, as I've said above.

And the blog is incorrect about Sweden. Sweden is in the process of implementing the Directive (http://www.svd.se/nyheter/inrikes/artikel_2608267.svd), though they will probably choose to only store the data for six months. A proposition is expected to be presented to the Swedish parliament this summer. (The Swedish government wishes to go further than the Directive on a couple of points, and that's one of the reason for being behind schedule.)

Ok they were in contact, but how do you know what they're speaking about without holding the records of what was being discussed?

Guilt by association is allowable now?
It's been "allowable" with phone records for decades. Why is this dramatically different?

I have a feeling that the vast, vast majority of this archive will contain spam for penis enhancement drugs.

You do realize that they won't store content, right?

You forgot the inevitable cock-up in which they realise they've left half the archive unencrypted on a department laptop on the train.True!

Can't wait for someone to hack in and discover who the politicians communicate with by e-mail.

Well, those few who know how to use a computer.Huh! We'll probably find that they've exempted themselves from having their e-mail details stored...

Um... Member States do have to follow Directives. They are required to implement them into national legislation within a set time frame. If they don't, the European Commission may initiate legal action against the member state in the European Court of Justice. So it's not just something a member state can ignore.

Right right right. Mixing up Regulations, Resolutions, Directives, and Framework Decisions -.- It's the Regulation that's not obligatory, and can be ignored.


And the blog is incorrect about Sweden.
I got the Sweden thing off the BBC, not the blog. From that same article it has a challenge in progress in the German Courts, so if they reject it then it might pose a problem. And the German Courts have a habit of issuing certain checks on EU legislation. But, I stand corrected.

So basicly, all a criminal has to do to cricumvent this is using a webmail service not based in the UK ? Sure - the police can see the suspect used webmail then; but they cannot see where the mail went.

Or, if they want more control, the criminal could have a dedicated email forwarding server somewhere outside the UK, which forwards e-mails based on keywords in the body instead of in the headers of the message. The criminal can then send all his mails to that server, and the trail ends there - since the contens of the messages were not stored.

How useful.

Right right right. Mixing up Regulations, Resolutions, Directives, and Framework Decisions -.- It's the Regulation that's not obligatory, and can be ignored.
I must admit that EU law is one of my weaker points... But aren't Regulations binding for all Member States from they're passed, while Directives are binding but lets the Member States choose how they want to implement them? While Decisions also are binding in every respect for the addressees named therein, Recommendations and Opinions are non-binding...

I don't know this, and base this only on a direct interpretation of Article 189.

Do you have any enlightening insights to share?

I got the Sweden thing off the BBC, not the blog.
I just love pointing out that blogs are wrong :p

From that same article it has a challenge in progress in the German Courts, so if they reject it then it might pose a problem. And the German Courts have a habit of issuing certain checks on EU legislation. But, I stand corrected.
Interesting. I hadn't picked up the part about the German courts...

I must admit that EU law is one of my weaker points... But aren't Regulations ....
Had a brain fart. I don't wade into EU Data Protection Law or IP areas for a reason! My area is more Framework Decision and Convention based (which is post-Amsterdam Treaty areas of Asylum, Immigration, Criminal, Security) - resolutions are the weakest form from what I remember as they emanate from the Parliament so no one pays much real attention (apart from morally). The others are... enforceable but as you said give leeway to MS in timelines and methods. Normally, (I think), unless the Council throws it's weight behind it MS take a.... more 'relaxed' view to implementation, yeh they might get slapped by the Commission but most EU countries have ended up in the ECJ against the Commission at some stage, so they're not too pushed about crossing the Commission now and again. Plus, politically it comes across as if they're standing up to 'European bureaucrats'. When the Council says something, States do it - because it's the political will that drives it. IMO, legislation that is initiated by someone other than the Council ends up being diluted somewhat, or it's treated less seriously by individual MS - that's just my observation.

God knows what the Lisbon Treaty is going to do to all this. *sigh*

Do you have any enlightening insights to share?
Yeh... stay away from EU law :tongue:


Interesting. I hadn't picked up the part about the German courts...
The German Constitutional Court/Supreme Court (?) has a habit of being a marker against which alot of EU decisions come up against. Recently they almost took down the European Arrest Warrant 2-3 years ago, but decided the procedure was in error, not the actual legislation itself - and this was a guy wanted on terrorism charges by the Spanish http://www.spiegel.de/international/spiegel/0,1518,449003,00.html

A few others back in the 70's I think helped shape the EC corpus from then on. Can't remember their names though....